We are going to see the big battle for ERM standard supremacy in the next 5 years between COSO and ISO 31K.
COSO is the ERM standard that was developed by the Committee of Sponsoring Organizations. It is an ERM guideline for the financial folks. It has been used since 1992. It is comprehensive. It is used by most publicly held organizations as their GRC and ERM model. See the COSO cube below.
Well, the folks who brought us ISO 9001 wants us to use ISO 31000. The standard is structured similarly to ISO 9001, but has a risk inflection. See below an outline for ISO 31000.
How is the battle for ERM supremacy going to be won? COSO has longevity. It is top down incorporating GRC and ERM. ISO 31000 is going to placed side by side ISO 9001 and ISO 14001. ISO has more than a million companies implementing ISO 9000 at a relatively low level. Let the battle begin.